Control cards, such as smart cards, as known in the relevant art are often used for security purposes such as user authentication. Most conventional control cards include some form of readable storage means such as a magnetic strip, an optical code (e.g. a bar code) or an on-board memory chip, for storing data (e.g. a personal identification number) associated with the card. Such control cards can be generically referred to as memory cards. However, control cards including a storage means in the form of an on-board memory chip are generally referred to as ‘smart cards’. The data stored in the storage means is generally read by some form of terminal device, which includes a magnetic read head, for example.
One known method for authenticating a user and allowing the user access to amenities and/or services is by requesting that the user present a memory card at a point of access and then enter a personal identification number into an input device. The input device compares the entered personal identification number with data stored in the memory of the memory card to determine the validity of the entered personal identification number. Such a method suffers from the disadvantage that the input device is made aware of the configuration of the personal identification number and may be used to copy and/or reuse the personal identification number. Since users often utilise the same personal identification number to gain access to a variety of unrelated amenities and/or services, the security of these amenities and/or services can be compromised in one action through the use of an insecure input device. Thus, the input device used for reading a smart card must be secure so as not to allow a user's personal identification number to be exposed or otherwise used without the consent of the user.
Some smart cards include a microprocessor integrally formed within the smart card. These smart cards are generally referred to as microprocessor or central processing unit (CPU) cards and some of these CPU cards are configured to address the problem of non-secure input and terminal devices by incorporating an input device onto the smart card in the form of a touch sensitive keypad on at least one surface of the card.
There are several existing smart card systems, which utilise CPU smart cards including a keypad. One of these existing smart card systems utilises a self-contained smart card including a keypad, a display, a memory and means to enter and verify a personal identification number. In order to gain access to amenities and/or services, a user presents the CPU card at a point of entry and then enters a personal identification number using the built-in keypad. The personal identification number is verified by a verification means associated with the point of access and the user is allowed or denied access to the amenity and/or service depending on the result of the verification process.
Another of these existing smart card systems includes a self-contained smart card having a power source, a keypad, a display, a memory and a means to enter identification information. Still another existing smart card system utilises a self-contained CPU card including a multi-functional and programmable keypad and display, which are used to enter information. These other smart card systems work in a similar manner to the smart card system described above.
Still another existing CPU smart card system allows a personal identification number to be entered into a CPU card, which includes a touch sensitive keypad, when the card is inserted into a smart card reader. The reader includes an overlay which can be positioned over the surface of the smart card to provide user interface elements related to the keypad. The overlay is configured to allow a user to transfer pressure onto the surface of the CPU card, adjacent to one or more of the user interface elements, in order to select a function.
However, the above mentioned keypad CPU cards require specialised integrated circuit hardware in order to detect pressure on certain points which rules out the use of most conventional CPU smart cards with systems using these keypad CPU cards. Further, CPU cards including an integrally formed keypad generally require discrete user interface elements in discrete positions on the card which limits the function of such cards. Still further, the manufacture of such an integrated circuit card, and in particular the integrated circuit hardware associated with the card, is relatively difficult and involves a very high cost relative to most conventional smart cards. These limitations of keypad CPU cards generally render the cards unsuitable for wide spread usage.
One existing CPU card with a user interface printed on at least one surface of the card includes a data structure describing the interface, where the data structure is stored in a memory integrally formed within the CPU card. The reader device used with this existing CPU card, includes a transparent touch panel positioned above the CPU card so that user interface elements printed on a surface of the smart card are visible underneath the transparent touch panel. The reader device is configured to determine the position of a touch on the transparent panel and then read data structure information stored within a memory of the card to determine which user interface elements have been pressed. The reader device then sends a data string associated with the selected user interface elements to a remote application. However, this reader device suffers from similar disadvantages to those discussed above, in that data stored in the memory of the card is read by the reader and so is not kept confidential. Therefore, the card cannot be used with an untrusted reader.